DETAILED ACTION

1. Applicant's response filed on August 29, 2005 has been received and
carefully considered. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1-2, 11-13, 25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Sit et al. (U.S. Patent No. 6,349,336), and further in view of Epstein 
et al. (U.S. Patent No. 6,584,508). 

Referring to claim 1 : 

i. Sit et al. teach: 

A secure system for transferring data, the system comprising: 

A client system (see e.g. figure 5, item 314I; and column 7, lines 17-19);

A server (see e.g. figure 5, item 308E; and column 7, lines 19-22); 

A secure system interposed between the client system and the server for 
controlling communications between the client system and the server, the security 
system including: 

A first proxy system (see e.g. figure 5, item 306) and a second proxy 
system (see e.g. figure 5, item 312), the first proxy system coupled between the client 
system and the second proxy system (see e.g. figure 5, items 308I, 306, 312; and 
column 7, lines 15-25) and the second proxy system coupled between the server and 
the first proxy system (see e.g. figure 5, item 308E, 312, 306);

A firewall coupled between the first proxy system and the second proxy
system (see figure 5, items 312, 305, 306), firewall restricting data flow between the first
proxy system and the second proxy system to outbound communications through a single
port on the firewall (see figure 5, item 305; and column 7, lines 26-28).

ii. Sit et al. teach the claimed subject matter: Sit et al. teach to 
establish a secure communication channel between client and server to transfer HTTP 
data. However, Sit et al. do not teach to transfer FTP data with the system. Epstein et 
al. teach a secure system wherein FTP data, as well as HTTP data and SMTP data can 
be transferred (see figure 2, item 206C; and column 4, lines 16-20 of Epstein et al.). 

iii. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to combine the teaching of Epstein et al. into the 
system of Sit et al. 

iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Epstein et al. into the system of Sit et al. for increasing the 
security of network guard system (see column 1, lines 14-15 of Epstein et al.).

Referring to claim 2 :

Sit et al./Epstein et al. teach: 

The client system will send the request to the first proxy system. 
The first proxy system will forward the request to the second proxy system, via the 
single port in the firewall, and the second proxy system will establish a connection with 
the server (see e.g. figure 5, items 308I, 306, 305, 312, 308E; and column 7, lines 34-40 
of Sit et al.). 

Referring to claim 11 :

Sit et al./Epstein et al. teach: 
A system of transferring data, comprising a plurality of clients and a plurality of 
servers to transfer data through the single port in the firewall (see figure 5, items 310I,
308I, 314I, 316I, 310E, 308E, 314E, 316E; and column 7, lines 15-25 of Sit et al.).

Referring to claim 12 :

This claim has limitations which are similar to those of claim 1, thus it is rejected
with the same rationale applied against claim 1 above.

Referring to claim 13 :

This claim has limitations which are similar to those of claim 2, thus it is rejected
with the same rationale applied against claim 2 above.

Referring to claim 25 :

This claim has limitations which are similar to those of claim 11, thus it is rejected
with the same rationale applied against claim 11 above.

4. Claims 3-4, 14-15 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Sit et al. (U.S. Patent No. 6,349,336), Epstein et al. (U.S. Patent No. 
6,584,508), and further in view of Fan et al. (U.S. Patent No. 6,219,706). 

Referring to claim 3 : 

i. Sit et al./Epstein et al. teach the claimed subject matter: Sit et 
al./Epstein et al. teach to establish a secure communication channel between client and 
server to transfer FTP data. However, Sit et al./Epstein et al. are silent about 
command (or control) channel in FTP data transfer.

ii. Fan et al. teach a control channel. The control channel is used to 
initiate the FTP (File Transfer Protocol) connection between the client and the server 
(see column 2, lines 12-14 of Fan et al.). 

iii. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to apply the teaching of Fan et al. into the system of Sit 
et al./Epstein et al. 

iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Fan et al. into the system of Sit et al./Epstein et al. to protect 
sensitive resources such as engineering workgroup server or financial databases from 
unauthorized users (see column 1, lines 24-26 of Fan et al.). 

Referring to claim 4 : 

i. Sit et al./Epstein et al. teach the claimed subject matter: Sit et 
al./Epstein et al. teach to establish a secure communication channel between client and 
server to transfer FTP data. However, Sit et al./Epstein et al. are silent about
transferring a representation of a socket from server to the client. 

ii. Fan et al. disclose the process of setting up a FTP data connection. 
Via the control channel mentioned in claim 3, the client and server negotiate a port 
number for data channel (see column 2, lines 14-17 of Fan et al.). 

iii. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to apply the teaching of Fan et al. into the system of Sit 
et al./Epstein et al. 

iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Fan et al. into the system of Sit et al./Epstein et al. to protect 
sensitive resources such as engineering workgroup server or financial databases from 
unauthorized users (see column 1, lines 24-26 of Fan et al.). 

Referring to claim 14 : 

This claim has limitations which are similar to those of claim 3, thus it is rejected
with the same rationale applied against claim 3 above.

Referring to claim 15 :

This claim has limitations which are similar to those of claim 4, thus it is rejected
with the same rationale applied against claim 4 above.

5. Claims 5-10, 16-24 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Sit et al. (U.S. Patent No. 6,349,336), Epstein et al. (U.S. Patent No. 
6,584,508), Fan et al. (U.S. Patent No. 6,219,706), and further in view of Albert et al. 
(U.S. Patent No. 6,687,222). 

Referring to claim 5 : 

i. Sit et al./Epstein et al./Fan et al. teach the claimed subject matter: 
Sit et al./Epstein et al./Fan et al. teach to establish a secure communication channel 
between client and server to transfer FTP data. However, Sit et al./Epstein et al./Fan et 
al. do not teach modifying the IP address in the socket.

ii. Albert et al. teach to modify the IP address of the host in a packet
before forwarding the packet on to client (see figure 3A, item 302; and column 12, lines 
29-33 of Albert et al.). 

iii. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to apply the teaching of Albert et al. into the system of 
Sit et al./Epstein et al./Fan et al. 

iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Albert et al. into the system of Sit et al./Epstein et al./Fan et al. 
for enabling a device that is protected by a firewall to be controlled by a device external 
to the firewall (see column 1, lines 10-12 of Sit et al.).

Referring to claim 8 : 

This claim has limitations which are similar to those of claim 5, thus it is rejected
with the same rationale applied against claim 5 above. 

Referring to claim 6 : 

Sit et al./Epstein et al./Fan et al./Albert et al. teach: 
The client system transmits a request through said security system for 
data located on the server (see figure 5, items 308I, 306; and column 7, lines 34-40 of 
Sit et al.).

Referring to claim 7 : 

Sit et al./Epstein et al./Fan et al./Albert et al. teach: 
The first proxy server forwards the request to the second proxy server via 
the single port on the firewall, and on to the data server (see figure 5, items 306, 305, 
312, 308E; and column 7, lines 34-40 of Sit et al.).

Referring to claim 9 :

Sit et al./Epstein et al./Fan et al./Albert et al. teach: 
The server transmits data through said security system to first proxy (see 
e.g. figure 5, items 308E, 312, 305, 306; and column 7, lines 34-40 of Sit et al.).

Referring to claim 10 :

Sit et al./Epstein et al./Fan et al./Albert et al. teach: 
The first proxy transmits data to the client system (see e.g. figure 5, items
306, 308I; and column 7, lines 34-40 of Sit et al.).

Referring to claims 16, 17, 18 :

These claims have limitations which are similar to those of claim 5, thus they are
rejected with the same rationale applied against claim 5 above.

Referring to claims 19, 22 :

These claims have limitations which are similar to those of claim 6, thus they are
rejected with the same rationale applied against claim 6 above.

Referring to claim 20 :

This claim has limitations which are similar to those of claim 7, thus it is rejected
with the same rationale applied against claim 7 above.

Referring to claim 21 :

This claim has limitations which are similar to those of claim 8, thus it is rejected
with the same rationale applied against claim 8 above.

Referring to claim 23 :

This claim has limitations which are similar to those of claim 9, thus it is rejected
with the same rationale applied against claim 9 above.

Referring to claim 24 :

This claim has limitations which are similar to those of claim 10, thus it is rejected
with the same rationale applied against claim 10 above.

Response to Arguments 

6. Applicant's arguments filed on August 29, 2005 have been fully 
considered but they are not persuasive. 



Applicant argues that: 

"Sit discloses a hypertext transfer protocol (HTTP) tunneling action that 
allows a remote processor to communicate with a local processor when the remote 
processor is coupled to the local processor via a reverse proxy device, a computer
network, a firewall and a proxy agent device" 

"In its proper context, the quoted passage only shows that the two proxy 
devices are in "persistent connection" with each other while servicing a HTTP session" 

"To achieve this goal, Sit implements two HTTP proxies to trick the firewall 
into believing the incoming requests are response to some outgoing requests." 

Examiner maintains that: 

The invention of Sit et al. enables a tunneling action that allows a remote 
processor to communicate with a local processor when the remote processor is coupled 
to the local processor via a reverse proxy device, a computer network, a firewall and a 
proxy agent device (see abstract of Sit et al.). Sit et al. disclose that the invention
relates to message transfer across a firewall (see column 1, lines 9-10 of Sit et al.), and
that the invention can be applied to HTTP and other message transfer protocols such as
Simple Mail Transfer Protocol (SMTP) (see page 4, lines 45-50 of Sit et al.). Sit et al.
further disclose that the provision of reverse proxy 312 and agent 306 allows browsers
314I, 314E and Web servers 308I, 308E to be completely ignorant of the reverse
tunneling procedure, and that the procedure is also transparent to applications such as
316I and 316E that interface directly with agent 306 and reverse proxy 312,
respectively. Accordingly, the present invention is implemented without any
modification of code or addition of code with respect to applications 316I, 316E,
applications running on the PCs 310I, 310E, Web servers 308I, 308E and browsers
314I, 314E (see figure 5; and page 8, lines 22-31 of Sit et al.).

Applicant argues that: 

"While one connection is kept open between the two proxy devices for one 
HTTP session, there is no suggestion that the same connection will be used for all 
HTTP sessions (i.e., all data flows) between the two proxy devices." 

Examiner maintains that: 

Figure 5 of Sit et al. indicates the multiplexing capability of reverse proxy 
312 and the proxy agent 306. 
Epstein et al. also disclose that the very essence of a proxy is network I/O.
The proxy will therefore need to perform socket-related system calls. Depending on the 
proxy, it is possible to restrict the ports that the proxy is allowed to access so that the 
proxy cannot poke extra holes in the firewall. HTTP proxies will typically bind only to a 
default socket (e.g., 80). Accordingly, a software wrapper for an HTTP proxy can 
include a constraint such that the HTTP proxy can only bind to the default socket (see 
column 6, lines 28-36 of Epstein et al.). 

Applicant argues that: 

"There Is No Suggestion or Motivation to Combine or Modify Sit and
Epstein."

Examiner maintains that: 

In response to applicant's argument that there is no suggestion to 
combine the references, the examiner recognizes that obviousness can only be 
established by combining or modifying the teachings of the prior art to produce the 
claimed invention where there is some teaching, suggestion, or motivation to do so 
found either in the references themselves or in the knowledge generally available to one 
of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 
1988) and In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, 
Sit et al. disclose that the invention relates to message transfer across a firewall (see 
column 1, lines 9-10 of Sit et al.), and that the invention can be applied to HTTP and 
other message transfer protocols such as Simple Mail Transfer Protocol (SMTP) (see 
page 4, lines 45-50 of Sit et al.). Sit et al. further disclose that the provision of reverse 
proxy 312 and agent 306 allows browsers 314I, 314E and Web servers 308I, 308E to
be completely ignorant of the reverse tunneling procedure, and that the procedure is
also transparent to applications such as 316I and 316E that interface directly with agent
306 and reverse proxy 312, respectively (see figure 5; and page 8, lines 22-27 of Sit et
al.). On the other hand, Epstein et al. discloses a system wherein the proxy server
includes a plurality of proxy applications, including FTP proxy application (see column 4,
lines 16-20 of Epstein et al.). Therefore, there is a motivation to combine the teaching
of Epstein et al. with the system of Sit et al. 

Applicant argues that: 

"The Sit-Epstein Combination Fails to Teach or Suggest All the Elements 
in the Claimed Invention" 

Examiner maintains that: 

Sit et al. and Epstein et al. do not need to disclose anything over and 
above the invention as claimed in order to render it unpatentable or anticipated. A 
recitation of the intended use of the claimed invention must result in a structural 
difference between the claimed invention and the prior art in order to patentably 
distinguish the claimed invention from the prior art. If the prior art structure is capable of 
performing the intended use, then it meets the claimed limitations. 

For the above reasons, it is believed that the rejection should be
sustained.



Conclusion 

7. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is filed 
within TWO MONTHS of the mailing date of this final action and the advisory action is 
not mailed until after the end of the THREE-MONTH shortened statutory period, then 
the shortened statutory period will expire on the date the advisory action is mailed, and any
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action.

Any inquiry concerning this communication or earlier communications from
the examiner should be directed to Joseph Pan whose telephone number is
571-272-5987.

If attempts to reach the examiner by telephone are unsuccessful, the
examiner's supervisor, Kim Vu can be reached at 571-272-3859. The fax and phone
numbers for the organization where this application or proceeding is assigned is
571-273-8300.

Any inquiry of a general nature or relating to the status of this application
or proceeding should be directed to the receptionist whose telephone number is
571-272-2100.

Joseph Pan

October 24, 2005



